Info: Phishing mails “espace client”

Dear customers,

We would like to inform you about a new phishing wave that is aimed at both customers and non-customers.

The email with the subject “espace client” pretends to come from edpnet service desk and contains a phishing link.

Please do not reply to those emails and do not click on the link. For more information, please, consider reading through our support article on this subject

https://www.edpnet.be/en/support/troubleshooting/internet/learn-about-security/phishing.html

If you have any questions left, please do not hesitate to contact us.

Best regards
The edpnet team


Phishing : Fake notice of deactivation of your edpnet account

Dear customers,

We would like to inform you about a new phishing wave that is aimed at both customers and non-customers.

The email with the subject “Kennisgeving van deactivering van Edpnet-account” pretends to come from edpnet service desk and contains a phishing link.

Please do not reply to those emails and do not click on the link. For more information, please, consider reading through our support article on this subject

https://www.edpnet.be/en/support/troubleshooting/internet/learn-about-security/phishing.html

If you have any questions left, please do not hesitate to contact us.

Best regards
The edpnet team


Outage: Datacenter Sint-Niklaas. SOLVED

Dear customers,

We are currently experiencing an outage with our datacenter in Sint-Niklaas, one of our core routers there has crashed.  Our Network Operations team is investigating this outage.  Further updates will be released as soon as possible.

EDIT 10:19*: The issues were resolved at 9h30. We are investigating further.

Please find all details below:

Start*: 13-08-2021 8:15*
End*: 13-08-2021 9:30*
Duration: Approx. 75 minutes
Impacted services: Mail/webmail services, my edpnet, etc.
Affected Areas**: ALL

 

We apologize for the inconveniences.

Best regards
The edpnet team

*All times are listed in CET, Central European Time
** Check the different areas & zones on our support site


Info: Phishing mails “MAIL QUOTA EXCEEDED”

Dear customers,

We would like to inform you about a new phishing wave that is aimed at both customers and non-customers.

Customers receive emails pretending to come from a mailserver / support center, etc. The message tells you that your mail storage quota has been exceeded and incoming mails have been placed on hold until you click on a link.

Here is an example:

This is a blackmail spam and opening the link may cause a leak of your logins.

Please do not reply to those emails and do not open any files or click on any links. For more information, please, consider reading through our support article on this subject

https://www.edpnet.be/en/support/troubleshooting/internet/learn-about-security/phishing.html

If you have any questions left, please do not hesitate to contact us.

Best regards
The edpnet team


Outage: edpnet office numbers unreachable : SOLVED

Dear customers,

We have experienced an outage with our reachability by phone.  We were unable to receive or make any calls with our office numbers. Our Network Operations team has investigated and resolved the outage.

Please find all details below:

Start*: 22-03-2021 08:08
End*: 22-03-2021 09:40
Duration: 1 hour 32 minutes
Impacted services: edpnet support reachability
Affected Areas**: edpnet office

 

We apologize for the inconveniences.

Best regards
The edpnet team

*All times are listed in CET, Central European Time
** Check the different areas & zones on our support site


Info: Report on the recent wave of attacks on FRITZ!Box modems

Dear customers,

Several media across Europe reported an increased number of unsuccessful access attempts to FRITZ!Box modems. Edpnet has taken the necessary measures to avoid possible attempts and mitigate the risk for our customers.

The access attempts are usually automated and originate from unknown remote sites on the internet, using common user names and passwords, and are known as brute-force attacks.

The recent wave of attacks was originated from the IP address 185.232.52.55 which, according to AbuseIPDB, has been involved in multiple abusive activities for quite a while now. Our NOC team denied all traffic from this IP address to our network, which will make further attacks impossible.

Generally these attacks are not something to worry about, as hackers rely on password stuffing (a systematic attempt at guessing all possible combinations in a particular character space), which, as long as the device is protected by a strong and unique password, does not appear to carry any significant risk for users.

FRITZ!Box has its own built-in brute-force protection system which notably reduces the risk of a successful intrusion. Those FRITZ!Box devices over which we have a remote control via the protocol TR-069 are also secure: we use automatically generated users and passwords which are virtually impossible to guess. Apart from that, our team is on standby 24/7 to blackhole the IP addresses which are engaged in abusive activities should a new massive attack happens.

The situation has also been acknowledged by AVM, the manufacturer of FRITZ! products. To make it more difficult for unauthorized persons to access your FRITZ!Box and to minimize the number of weak points for potential attacks, check out the following safety instructions: https://en.avm.de/service/fritzbox/fritzbox-7360/knowledge-base/publication/show/3299_FRITZ-Box-reports-Login-by-user-failed/

If you have any questions left, please do not hesitate to contact us.

Best regards
The edpnet team


Emergency maintenance on 02/02/2021 – impacted services: All internet services : CLOSED

Dear customers,

Edpnet has planned an emergency maintenance on the Amsterdam router.

The passing traffic will be rerouted, but customers may notice higher latency and speed issues.

Please find all details below:

Start*: 02-02-2021 16:00
End*: 02-02-2021 17:00
Duration: up to 30 minutes
Impacted services: all internet services
Affected Areas**: all areas

 

We apologize for the inconveniences.

Best regards
The edpnet team

* All times are listed in CET, Central European Time
** Check the different areas & zones on our support site


Info: Report on the recent DDoS issue

Dear customers,

Starting from Friday edpnet was subject to major Denial of Service attacks (DDoS). An overview of the attacks and the time frames can be found below:

  • Friday 28/08/2020, 18:00 – 19:00
  • Sunday 30/08/2020, 20:30 – 20:45
  • Sunday 30/08/2020, 22:20 – 00:55
  • Monday 31/08/2020, 04:05 – 05:05
  • Monday 31/08/2020, 11:15 – 18:45

In the past edpnet was always capable of mitigating these attacks ourselves by blocking these at the edge of our network. It looks like we were lucky in the past, and our luck ran out.

The attacks were this time directed towards our core networking equipment, primary and backup, and the traffic reached 200 Gbps, way too much for us to handle ourselves, causing DNS issues, and slow internet connections towards multiple destinations. Therefore we decided to contact a party (NBIP-NaWas) specialized in resolving these attacks, and setup a connection with them. This connection was up and running by midnight, and they mitigated 5 more attacks (three of 100 Gbps, two of 200 Gbps) without impact for our customers, proving it works. Two examples of such attacks can be found below:

This setup is permanent, and this way we can minimize these kind of attacks much quicker, reducing the impact to a bare minimum.

You can read some background information online:

https://datanews.knack.be/ict/nieuws/ddos-aanval-treft-edpnet/article-news-1635675.html

https://datanews.levif.be/ict/actualite/une-attaque-ddos-touche-edpnet/article-news-1326101.html

https://tweakers.net/nieuws/171594/belgische-provider-edpnet-heeft-al-vier-dagen-te-maken-met-ddos-aanvallen.html

We sincerely apologize for any inconveniences caused.

Customer-friendly regards
The edpnet team

P.S. Today 04/09 we can confirm there were no new attacks in the last 48 hours.


Outage : Problem with internet services – DDoS attacks on 28/08-31/08/20 : SOLVED

Dear customers,

We have experienced an outage with internet services (traffic drops) due to several DDoS attacks*** on our network. The attacks occurred at different hours and were causing intermittent connection, speed issues and packet loss. The heaviest one took place on Monday 31/08 and lasted from 11h15 until 18h45. Outside of those hours, everything was normal. Our Network Operations team has found and applied (on 01/09 at 1h29) a permanent solution to prevent and immediately mitigate such attacks in the future.

Please find all details below:

Start*: 2020-08-28 18:00*
End*: 2020-09-01 01:29*
Duration: 1) 2020-08-28 18:00 – 2020-08-28 19:00

2) 2020-08-30 20:30 – 2020-08-30 20:45

3) 2020-08-30 22:20 – 2020-08-31 00:55

4) 2020-08-31 04:05 – 2020-08-31 05:05

5) 2020-08-31 11:15 – 2020-08-31 18:45

Impacted services: all internet services
Affected Areas**: all areas

EDIT 12:30*: We have been under attack again since approximately 11:15. Access to our issues blog was limited so we were unable to keep you updated. Our apologies. We are doing our best to mitigate and solve the problem.

EDIT 2: 15h12*: Seems that the last attack is still ongoing.  We are working hard to try to minimize the impact. Rebooting your modem/router to receive new DNS servers can help (but not guaranteed).  In general surfing should be possible, only certain destinations will be difficult to reach.  We keep you posted.

EDIT 3: 20h25*: The last attack finished at 18:45. We did our best to mitigate what was possible but the overload was extensive. Edpnet DNS servers are currently available again. We are working very hard with an external party towards providing a permanent solution to minimize the impact of any further attacks.

We apologize for the inconveniences.

Best regards
The edpnet team

*All times are listed in CET, Central European Time
** Check the different areas & zones on our support site

*** DDoS (Distributed-Denial-of-Service- attack) is kind of a cyber-attack, when malicous users seek to make a machine or network resource unavailable by flooding the provider or target with superfluous requests, which results in systems overload and connectivity issues


Outage : Problem with internet services – SOLVED

Dear customers,

We are currently experiencing an outage with internet services (traffic drops). Our Network Operations team is investigating the outage.

Further details on the affected areas and an estimated duration will be released as soon as possible.

EDIT 19:40*: Our DNS-servers were the target of a concerted DDOS-attack for approximately one hour (18:00 – 19:00), involving large amounts of traffic and major network saturation. At this time the attack has cleared up and we are investigating further.

EDIT 30/8 20:35*: It seems like we’re being attacked again since a few minutes. Our Network Operations team is investigating. More updates will follow soon.

EDIT 20:45*: The attack was mitigated after some actions from our Network Operations team. It was smaller than last time, but still very much able to knock out our DNS-servers. We’re working to restore all services.

EDIT: 21:15*: All services are restored.

EDIT: 31/8 5h05 We experienced other waves of DDoS attacks between 30/8 22h20 and 31/08 05h05. For the moment, the attacks are fully mitigated.

We apologize for the inconveniences.

Best regards
The edpnet team